Re: Problem when trying to authenticate squid with openldap server
Bruno Lamps <lampss@gmail.com> writes:
> Hi,
>
> Thanks Dieter Kluenter and Buchan Milne for answering to this, and everyone else that is reading this topic. =D
>
> It seems your ACLs are not sufficient for *any* simple binds to this DN.
>
> Please test the following on your LDAP server:
>
> $ ldapwhoami -x -D uid=lamps,ou=usuarios,dc=pisolar -W
>
> Until this command works, please don't bother with anything related to squid.
>
> Right, this command isn't working for any user, except cn=admin,dc=pisolar. I'm struggling with /etc/ldap/slapd.conf, to
> solve this. I probably tried to make the ACLs a bit too tight, and now they're choking me. =p
>
> Did you ever test simple binds to your LDAP server as these users except from squid? It doesn't seem like it ...
>
> I use this ldap base to authenticate my GLPI () system. But I think GLPI just grabs all my base, using the ldap admin
> password, and transports it to its MySQL database. =/
>
> I'm currently testing different ACLs in /etc/ldap/slapd.conf. Right now, these are the rules:
>
> access to *
>     by dn="cn=admin,dc=pisolar" write
>     #by anonymous none
>     #by self none
>     by * read
>
> access to attrs=userPassword,shadowLastChange
>     by dn="cn=admin,dc=pisolar" write
>     by anonymous auth
>     by self write
>     by * none
>
> access to dn.base="" by * read
>
> What kind of mistake am I making there? =S
man slapd.access(5)
http://www.openldap.org/doc/admin24/access-control.html
http://www.openldap.org/faq/data/cache/189.html
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95"N
10°08'02,42"E
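
The following is an added example, not part of the original thread and not OpenLDAP code: a simplified Python model of the evaluation order documented in slapd.access(5), where the first `access to <what>` clause that matches is used and, inside it, the first matching `by <who>`. It handles only `*`, attribute lists, `anonymous`, `self` and exact DNs, leaves out the `dn.base=""` rule, and `uid=other,...` is a constructed DN.

```python
# Simplified model of slapd ACL evaluation, not OpenLDAP code.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
ADMIN = "cn=admin,dc=pisolar"
USER = "uid=lamps,ou=usuarios,dc=pisolar"
OTHER = "uid=other,ou=usuarios,dc=pisolar"   # constructed DN
PW_ATTRS = {"userPassword", "shadowLastChange"}

def who_matches(who, binder, target_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return binder is None
    if who == "self":
        return binder is not None and binder == target_dn
    return who == binder                      # dn="..." exact match

def access(acl, binder, target_dn, attr):
    """Return the level granted to binder for attr of target_dn."""
    for what, by_clauses in acl:
        if what == "*" or attr in what:       # first matching <what> wins
            for who, level in by_clauses:
                if who_matches(who, binder, target_dn):
                    return level              # first matching <who> wins
            return "none"                     # implicit trailing "by * none"
    return "none"                             # no clause matched at all

def allows(level, needed):
    return LEVELS.index(level) >= LEVELS.index(needed)

CATCH_ALL = ("*", [(ADMIN, "write"), ("*", "read")])
# Same clause with the two commented-out lines from the post enabled.
CATCH_ALL_TIGHT = ("*", [(ADMIN, "write"), ("anonymous", "none"),
                         ("self", "none"), ("*", "read")])
PW_RULE = (PW_ATTRS, [(ADMIN, "write"), ("anonymous", "auth"),
                      ("self", "write"), ("*", "none")])

POSTED = [CATCH_ALL, PW_RULE]        # order as posted: PW_RULE is never reached
TIGHT = [CATCH_ALL_TIGHT, PW_RULE]   # anonymous cannot reach "auth"
REORDERED = [PW_RULE, CATCH_ALL]     # specific clause first, catch-all last

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("tight", TIGHT), ("reordered", REORDERED)):
        anon = access(acl, None, USER, "userPassword")
        other = access(acl, OTHER, USER, "userPassword")
        print(f"{name:9} anonymous={anon:5} bind_ok={allows(anon, 'auth')} other_user={other}")
```

A simple bind needs `auth` on `userPassword` for the anonymous identity, so in this model the `TIGHT` variant rejects every bind, while the order as posted lets any client read the password attribute.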